SCBWI's Blueboard - A Message & Chat Board

EU G.D.P.R. and http vs. https

Discussion started on

Member
Poster Plus
  • *
  • SCBWI Member
  • SCBWI PAL
  • SCBWI Region sfnortheastbay
With all the hooptidoo  about the GTPR rules beginning enforcement today, I got to thinking about another matter, possibly much more relevant to writers' sites  whether you collect financial information through your site or not. It's the matter of adding an SSL certificate. I thought it was not applicable to me as I do not sell ANYTHING from any of my sites, but after some reading I realized it was the prudent thing to do. It's the matter of having our sites encrypted and secured, something Google has been urging for over a year.

So I'm sure the techies (like the very helpful Frequency on our boards) will do a face-palm at our naiveté, and most writers who have acquiesced to the reality of having personal blogs or sites would rather not think about either of the above. (I know because I'm one of the non techies of which I write.)

But as one who does not collect data nor run adds, I think the EU rules are unlikely to affect me. The matter of adding an SSL certificate to my personal site has, however, weighed on me. So I bit the bullet and did it.


If you use Blogger or WordPress or Weebly, the "s" in the httpS was either added by these companies, or a simple action by you would add it and redirect all old links to it. If you have your own domain on another host, you may need to take action as I just did.

I bring it up here to see if anyone has more insight on these matters. Internet security and rules regarding privacy are everywhere on other chat boards, but I seem to miss them here. 


Your thoughts?  :trenchcoat
#1 - May 25, 2018, 10:04 AM
« Last Edit: May 25, 2018, 11:36 AM by 217mom »
THE VOICE OF THUNDER, WiDo Publishing Aug 2012
THERE'S A TURKEY AT THE DOOR, Hometown520 July 2011

www.mirkabreen.com
http://mirkabreen.BlogSpot.com

The truth is that HTTPS attacks have been rampant over the last couple years. HTTPS really doesn't offer much more in the way of security. It's kind of like a walk button by a signal light. It may help you cross the road, but it probably doesn't do anything to make you safer.

Sure there is an expectation that websites have SSL certificates now, but do you need to worry about it? Probably not, unless you are transmitting data (i.e. selling, using logins) -- but I would think most people use probably third party services that have their own security.
#2 - May 26, 2018, 10:28 AM

Member
Poster Plus
  • *
  • SCBWI Member
  • SCBWI PAL
  • SCBWI Region sfnortheastbay
You won't get an argument from me regarding complete safety on the Internet. It's not possible, I realize.


What I also noted is that the same techies who say that SSL certificates mean little, stress that you should never give your password or pay on any site that doesn't have it. Alas, it can't be both ways. Encryption of communication to/from our sites is part of being a thoughtful resident/citizen of the Internet.

I also foresee a day soon when no site would be without verification of authorship & encryption as part of every set up.

It's still relatively early days. Like the time when in small town America half the people didn't lock their doors. In the virtual world this is changing, and we're now where front doors are locked by half the virtual homes. Would a lock keep every thief out? No. But they'd have to work harder to get in.
#3 - May 27, 2018, 09:24 PM
THE VOICE OF THUNDER, WiDo Publishing Aug 2012
THERE'S A TURKEY AT THE DOOR, Hometown520 July 2011

www.mirkabreen.com
http://mirkabreen.BlogSpot.com

Thanks for the mention Mirka!.

There's two separate things here so I'll address them one at a time and as briefly as possible as they are complex things. Firstly SSL or https on websites. It used to be the case that you would only see the green padlock on sites that sold something or engaged in ecommerce with credit card details etc. These sites needed an extra layer of security for obvious reasons. Since then of course security has become a huge issue for all websites even those not holding or conveying financial information as any site can be compromised and have personal information stolen. The cost of buying and installing SSL certs has also reduced and now in many cases is free.

So right now there’s no good reason NOT to have and SSL secured site as sites like Cloudflare and Let’s Encrypt provide basic DV certs for free, which are good enough for most sites. Additionally if your site is hosted on a server running WHM/cPanel then you already have access to free SSL.

https://blog.cpanel.com/autossl/

https://www.cloudflare.com/ssl/

https://letsencrypt.org/

So again we have to say with the price and installation no longer barriers there really is no reason not to have it. To reinforce the point Google then declared that it would start taking site security into account when ranking search engine results as well as drawing attention to insecure sites in it’s Chrome browser. So now you can choose not to implement SSL but it will hurt your site.

The next thing is GDPR which is a massive change in laws surrounding personal information and how companies protect it. It’s difficult and complex and some say places an unfair burden on small businesses and individuals but it it’s goal is to protect the private data of every single European citizen and eventually it will trickle down to improving data security for everybody.

If you are under the impression that you are immune to the law just by being in the US than that is incorrect. The law applies to anybody that collects or process the data for EU citizens anywhere in the world. So unless you block access to your site to everybody in Europe then it applies to you. The LA Times has decided to do just that until they can get their GDPR compliance up and running. To the surprise of many USA Today have created a special site for Europeans that is totally tracking-free and privacy-friendly and amazingly fast once all of the tracking and analytics scripts are removed.

I’ve created a brief blog about the GDPR that may be useful:

https://www.frequency.ie/blog/broadcast/understanding-gdpr-and-implementing-it-on-your-website

Going back to SSL, I definitely do not agree that SSL certs are pointless. And it really is not only for sites transmitting credit card details, it’s a signal of security for your site visitors, letting them know that you are treating them with some level of respect re their data.

Your analogy about locking the front door is on point. So yes everybody should really make some effort to lock the front door especially now that the locks are free and not doing it will result in a giant red flashing light outside your house stating how insecure it is. Not the best welcome for visitors!

https://security.googleblog.com/2016/09/moving-towards-more-secure-web.html

#4 - May 27, 2018, 11:52 PM
« Last Edit: May 27, 2018, 11:55 PM by Liam Fitzgerald »
Frequency - Design for Authors
https://www.frequency.ie

Introducing cover.works
Book cover design for authors and publishers
https://www.cover.works

Administrator
Poster Plus
  • ****
  • SCBWI Member
  • SCBWI Region houston
Liam, thanks for all this great information!  :thanks2
#5 - May 28, 2018, 05:49 AM
http://www.vonnacarter.com
Independent Publishers Galler
KidLit Agents/Editors @ Conferences, Workshops/Retreats/Online Workshops
twitter @VonnaCarter

Member
Poster Plus
  • *
  • SCBWI Member
  • SCBWI PAL
  • SCBWI Region sfnortheastbay
We can count on you to state it clearly, Liam.  :yourock
#6 - May 28, 2018, 09:13 AM
THE VOICE OF THUNDER, WiDo Publishing Aug 2012
THERE'S A TURKEY AT THE DOOR, Hometown520 July 2011

www.mirkabreen.com
http://mirkabreen.BlogSpot.com

Members:

0 Members and 1 Guest are viewing this topic.